Malicious external attackers will use any means to access corporate information. Delivery mechanisms such as phishing-based attachments and malware-laden websites allow attackers to enter the figurative four walls of your organization. Unpatched applications (such as Flash and Java) allow access to credentials, the underlying operating system, data, and applications, giving the external attacker the ability to access not just corporate data, but (as in the case of this scenario) also the ability to pass any obtained information outside the corporate walls for further malicious use. It all starts with one compromised endpoint.
Download this whitepaper to learn a comprehensive approach to protect your organization that will entail not just looking at malware as a set of files to be detected, but also looking at it in terms of the actions it takes.